FAQ

Page Discussion Edit History

NginxHttpRealIpModule

Contents

Edit section: Synopsis Synopsis

This module allows to change the client's IP address to value from request header (e. g. X-Real-IP or X-Forwarded-For).

It is useful if nginx works behind some proxy of L7 load balancer, and the request comes from a local IP, but proxy add request header with client's IP.

This module isn't built by default, enable it with the configure option 

--with-http_realip_module

User Note: "You will build a list of trusted proxies (see below) and the first IP in the header which is not trusted will be used as the client IP." Source: README of the Apache module mod_extract . Quite informative, about why and how this security feature is helpful.

Example: 

set_real_ip_from   192.168.1.0/24;
set_real_ip_from   192.168.2.1;
real_ip_header     X-Real-IP;

Edit section: Directives Directives

Edit section: set_real_ip_from set_real_ip_from

syntax: set_real_ip_from [the address|CIDR]

default: none

context: http, server, location

This directive describes the trusted addresses, which transfer accurate address for the replacement.

Edit section: real_ip_header real_ip_header

syntax: real_ip_header [X-Real-IP|X-Forwarded-For]

default: real_ip_header X-Real-IP

context: http, server, location

This directive sets the name of the header used for transferring the replacement IP address.

Edit section: References References

Original Documentation

Retrieved from "http://wiki.nginx.org/NginxHttpRealIpModule"